🎈🎈树莓派
ubuntu
安装系统
使用Raspberry Pi Imager来烧录系统,这个工具是树莓派官网推荐烧录工具,内置了系统镜像下来,树莓派4B推荐使用64位系统。同时高级设置中支持设置账户密码(账户默认是pi,密码不设置默认为raspberry)和wifi密码,设置完成等待烧录完毕即可。
查找树莓派ip
使用Advanced IP Scanner工具来实现局域网ip扫描,通过制造商来筛选出ip地址。
开启root账户
bash
# 输入root密码
sudo passwd root
# 解锁root账户
sudo passwd --unlock root
# 如果没安装ssh
sudo apt install ssh
# 如果出现password expiry information changed提示
# 修改sshd_config中的PermitRootLogin without-password为PermitRootLogin yes
sudo vi /etc/ssh/sshd_config
# 重启后使用root登陆
reboot修改ubuntu镜像源
bash
vi /etc/apt/sources.list
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu-ports/ jammy main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu-ports/ jammy main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu-ports/ jammy-updates main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu-ports/ jammy-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu-ports/ jammy-backports main restricted universe multiverse
deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu-ports/ jammy-backports main restricted universe multiverse
deb http://ports.ubuntu.com/ubuntu-ports/ jammy-security main restricted universe multiverse
deb-src http://ports.ubuntu.com/ubuntu-ports/ jammy-security main restricted universe multiverse固定ip
yaml
-- vim /etc/netplan/01-network-manager-all.yaml
-- Let NetworkManager manage all devices on this system
network:
version: 2
renderer: NetworkManager
ethernets:
eth0:
addresses:
- 192.168.10.100/24
nameservers:
addresses: [114.114.114.114, 8.8.8.8]
routes:
- to: default
via: 192.168.10.1
wifis:
wlan0:
dhcp4: true
optional: true
addresses:
- 192.168.10.99/24
nameservers:
addresses: [114.114.114.114, 8.8.8.8]
access-points:
"wifi名称":
password: "wifi密码"必备包
bash
# 安装macvlan必备,否则会出现failed to create the macvlan port: operation not supported.
apt install linux-modules-extra-raspi
# 安装raspi-config图形界面
apt install raspi-configistoreos
安装
参照官网文档将系统刷入SD卡中,并启动机器,通过网线与树莓派连接,修改电脑网卡的IP设置为如下
修改后浏览器访问192.168.100.1,能够正常响应说明系统刷写成功。
修改静态IP
访问http://192.168.100.1/cgi-bin/luci/admin/network,对网卡进行编辑,修改为静态地址,并设置子网掩码和网关。
确认并保存后,将本机的IPV4设置改为自动,并再次访问192.168.10.100查看是否能够成功访问。
调节根目录空间大小
系统中根目录默认空间大小约2G,其中包含了opkg的软件包和docker的目录,所以需要调节根目录大小,避免后续空间不足带来的问题。
bash
$ parted
$ print目前SD卡的磁盘分区如下
bash
Number Start End Size Type File system Flags
1 4194kB 71.3MB 67.1MB primary fat16 boot, lba
2 75.5MB 344MB 268MB primary
3 348MB 2496MB 2147MB primary ext4我们需要调节Number 3,即分区为/dev/mmcblk0p3的分区
bash
$ resizepart 3
$ YES
$ 25G
$ quit
$ resize2fs -p /dev/mmcblk0p3确认根目录是否扩容成功
bash
$ df -h /
Filesystem Size Used Available Use% Mounted on
overlayfs:/overlay 22.5G 1.0M 22.5G 0% /SD卡还剩余约30G的空间,我准备新增分区,用作docker的存储目录。打开后台首页-磁盘信息-系统根目录,点击右侧的三个点,点击分区并格式化。
后台首页-Docker-快速配置,将原来的docker迁移到格式化后的/dev/mmcblk0p4分区
PassWall
bash
$ wget -O passwall https://raw.githubusercontent.com/AUK9527/Are-u-ok/main/apps/all/PassWall_4.72-2_aarch64_a53_all_sdk_22.03.6.run && chmod +x passwall && ./passwall
软件安装
oh-my-zsh
bash
# 安装zsh
apt-get install zsh -y
# 设置默认终端为zsh
chsh -s /bin/zsh
# 安装oh-my-zsh
sh -c "$(wget -O- https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
# 安装插件 https://github.com/zsh-users
git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting
git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
git clone https://github.com/zsh-users/zsh-completions ${ZSH_CUSTOM:-${ZSH:-~/.oh-my-zsh}/custom}/plugins/zsh-completions
# 安装docker docker-compose智能提示
mkdir -p ~/.zsh/completion
curl -L https://raw.githubusercontent.com/docker/compose/1.28.x/contrib/completion/zsh/_docker-compose > ~/.zsh/completion/_docker-compose
# 修改配置
vim ~/.zshrc
plugins=(git zsh-syntax-highlighting zsh-autosuggestions zsh-completions docker docker-compose)
fpath=(~/.zsh/completion $fpath)
autoload -Uz compinit && compinit -i
bindkey ';' autosuggest-accept # 修改自动补全快捷键
bindkey '\ej' backward-char # ALT+j:向左移动一个单词
bindkey '\el' forward-char # ALT+l:向右移动一个单词
bindkey '\ei' up-line-or-history # ALT+i:向上移动一个单词
bindkey '\ek' down-line-or-history # ALT+k:向下移动一个单词
# 刷新生效
source ~/.zshrc
# 安装 powerlevel10k主题
wget -O /usr/share/fonts/MesloLGS_NF_Regular.ttf https://raw.githubusercontent.com/romkatv/powerlevel10k-media/master/MesloLGS%20NF%20Regular.ttf
wget -O /usr/share/fonts/MesloLGS_NF_Bold.ttf https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Bold.ttf
wget -O /usr/share/fonts/MesloLGS_NF_Italic.ttf https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Italic.ttf
wget -O /usr/share/fonts/MesloLGS_NF_Bold_Italic.ttf https://github.com/romkatv/powerlevel10k-media/raw/master/MesloLGS%20NF%20Bold%20Italic.ttf
fc-cache -f -v
git clone --depth=1 https://gitee.com/romkatv/powerlevel10k.git ${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/themes/powerlevel10k
# 修改配置
vim ~/.zshrc
ZSH_THEME="powerlevel10k/powerlevel10k"
# 刷新生效
source ~/.zshrcfrp
基于SakuraFrp实现内网穿透
bash
# 下载frpc
wget https://getfrp.sh/d/frpc_linux_arm64 > frpc && chmod +x frpc && cp ./frpc /usr/local/bin/frpc
# 安装systemd服务
mkdir -p /usr/local/etc/natfrp
vi /etc/systemd/system/frpc@.service
# 填写如下配置
[Unit]
Description=SakuraFrp Service
After=network.target
[Service]
Type=idle
User=nobody
Restart=on-failure
RestartSec=60s
ExecStart=/usr/local/bin/frpc -f %i
WorkingDirectory=/usr/local/etc/natfrp
[Install]
WantedBy=multi-user.target
# 重载服务
systemctl daemon-reload
# 启动隧道
systemctl start frpc@{账户密钥}:{隧道id}
# 查看服务
systemctl list-units "frpc@*"
# 设置服务开机启动
systemctl enable {服务名称}frpc-docker
bash
$ docker run \
-d --restart=always \
--name=frpc-web \
--pull=always \
registry.cn-hongkong.aliyuncs.com/natfrp/frpc \
-f 账户密钥:隧道id --remote_control 远程密码tfoled
bash
# 编辑TFOLED服务
vi /etc/systemd/system/tfoled.service
[Unit]
Description=TFOLED Service
After=multi-user.target
[Service]
Type=idle
ExecStart=python /root/tfoled/TFOL.py
[Install]
WantedBy=multi-user.target
# 重载服务
systemctl daemon-reload
# 启动服务
systemctl start tfoled.service
# 开机启动
systemctl enable tfoled.servicedocker
bash
# 安装证书
$ apt install apt-transport-https ca-certificates curl software-properties-common gnupg lsb-release
# 安装密钥
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
# 添加官方库
$ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# 安装docker
$ apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin
# 修改镜像源
$ curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.iotfoled-docker
bash
# 安装依赖包
$ opkg update
$ opkg install i2c-tools kmod-i2c-gpio kmod-i2c-algo-bit kmod-i2c-algo-pcf kmod-i2c-bcm2835 kmod-i2c-core kmod-i2c-gpio kmod-i2c-mux python3-smbus
# 修改配置
$ echo "dtparam=i2c_arm=on
dtparam=i2c0=on
dtparam=i2c1=on
dtparam=spi=on
dtparam=i2s=on" >> /boot/config.txt
# 重启后执行
$ docker run -itd --name tfoled \
--privileged \
--restart=always \
--name tfoled \
--net=host \
-v ${mount_path}:/data \ # 将需要统计的磁盘挂在到/data目录
-e upper=40 \ # 风扇启动的温度,不填默认45
-e lower=38 \ # 风扇停止的温度,不填默认42
-d xiaokexiang/alpine-tfoledhomeassistant
bash
# 安装homeassistant
$ docker run -d \
--name homeassistant \
--privileged \
--restart=unless-stopped \
-e TZ=Asia/Shanghai \
-v /root/homeassistant:/config \
--network=host \
homeassistant/raspberrypi4-64-homeassistant
# ha容器内部安装hacs
wget -q -O - https://install.hacs.xyz | bash -qinglong
bash
docker run -itd --name jd \
-v /root/jd/scripts:/jd/scripts \
-v /root/jd/log:/jd/log \
-v /root/jd/config:/jd/config \
--network=host \
--restart=always \
docker.io/afeirwu/jd_local操作此处安装脚本的依赖
v2raya
bash
docker run -d \
--restart=always \
--privileged \
--network=host \
--name v2raya \
-e V2RAYA_LOG_FILE=/tmp/v2raya.log \
-v /lib/modules:/lib/modules:ro \
-v /etc/resolv.conf:/etc/resolv.conf \
-v /root/v2raya:/etc/v2raya \
mzz2017/v2rayasamba
bash
# 挂载本机的/root/mount目录到容器的/mount目录
# 设置访问的账户名密码: username & password 和共享目录:share
# 在window上通过\\ip\share访问并输入用户名密码即可
docker run -it --name samba \
-p 139:139 -p 445:445 \
-v /root/mount:/mount \
-d dperson/samba \
-w "WORKGROUP" \
-u "username;password" \
-s "share;/mount/;yes;no;no;all;admin"
# [name;path;browse;readonly;guest;users;admins;writelist;comment]
# [name] is how it's called for clients
# [path] path to share
# [browsable] default:'yes' or 'no'
# [readonly] default:'yes' or 'no'
# [guest] allowed default:'yes' or 'no'
# [users] allowed default:'all' or list of allowed users
# [admins] allowed default:'none' or list of admin users
# [writelist] list of users that can write to a RO share
# [comment] description of shareicloud-backup
bash
docker run -d \
--name icloud-backup \
--restart=always \
-e notification_days=14 \
-e notification_type=Bark \
-e notification_title=icloud_backup \
-e bark_server=api.day.app \
-e bark_device_key=<bark_id> \
-e auth_china=True \
-e apple_id="<icloud_id>" \
-e authentication_type=2FA \
-e folder_structure={:%Y/%m} \
-e auto_delete=True \
-e synchronisation_interval=43200 \
-e icloud_china=True \
-e TZ=Asia/Shanghai \
-e download_path=/home/root/iCloud \
-v <icloudpd_config_path>:/config \
-v <icloudpd_download_path>:/home/root/iCloud \
pjoc/docker-icloudpd:master启动成功后,进入容器执行
sync-icloud.sh脚本,用来手动登陆icloud,登陆成功后重启容器即可。
zerotier
bash
$ docker run -d --name zerotier-one \
--network=host \
--cap-add=NET_ADMIN \
--device /dev/net/tun \
-v ${local_path}:/var/lib/zerotier-one \
zerotier/zerotier \
<network_id>
- 添加端口转发。
bash$ echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf $ echo "net.ipv6.conf.all.forwarding = 1" >> /etc/sysctl.conf $ sysctl -p
- 实现实现访问局域网其他设备,需要先在zerotier服务端配置路由规则
再执行如下脚本添加防火墙nat规则:
shell#!/bin/bash # 检查是否以 root 身份运行 if [ "$(id -u)" -ne 0 ]; then echo "请以 root 身份运行此脚本" exit 1 fi # 查找以 zt 开头的 ZeroTier 接口并获取第二行信息 ZT_INFO=$(ip a | grep 'zt' | awk 'NR==2') if [ -z "$ZT_INFO" ]; then echo "未找到 ZeroTier 接口" exit 1 fi # 提取 IP 地址和网卡名,同时计算子网 IP_ADDRESS=$(echo "$ZT_INFO" | grep -oP '\d+\.\d+\.\d+\.\d+/\d+') ZT_INTERFACE=$(echo "$ZT_INFO" | awk '{print $NF}') if [ -z "$IP_ADDRESS" ]; then echo "未找到 ZeroTier 接口的 IP 地址" exit 1 fi NETWORK=$(echo "$IP_ADDRESS" | cut -d'/' -f1) PREFIX=$(echo "$IP_ADDRESS" | cut -d'/' -f2) SUBNET="${NETWORK%.*}.0/$PREFIX" network_info() { echo "Interface: $ZT_INTERFACE, Subnet: $SUBNET" } disable_rules() { iptables -t nat -D POSTROUTING -j postrouting_rule 2>/dev/null iptables -t nat -D postrouting_rule -j zerotier_nat 2>/dev/null iptables -t nat -F zerotier_nat iptables -t nat -X zerotier_nat iptables -t nat -F postrouting_rule iptables -t nat -X postrouting_rule echo "已禁用 NAT 规则" } enable_rules() { disable_rules iptables -t nat -N zerotier_nat 2>/dev/null iptables -t nat -N postrouting_rule 2>/dev/null iptables -t nat -A zerotier_nat -s "$SUBNET" -j MASQUERADE iptables -t nat -A zerotier_nat -o "$ZT_INTERFACE" -j MASQUERADE iptables -t nat -A postrouting_rule -j zerotier_nat iptables -t nat -A POSTROUTING -j postrouting_rule echo "已启用 NAT 规则" iptables -t nat -L -v | grep -E 'postrouting_rule|zerotier_nat' -A 3 } case "$1" in start) enable_rules ;; stop) disable_rules ;; info) network_info ;; *) echo "Usage: $0 {start|stop|info}" exit 1 ;; esac
qinglong
bash
$ docker run -d \
-v /root/conf/qinglong:/ql/data \
-p 5700:5700 \
--name qinglong \
--restart unless-stopped \
whyour/qinglong:2.17immich_upload
bash
$ docker run -d \
--name immich_upload \
-e INSTANCE_URL=<INSTANCE_URL> \
-e API_KEY=<API_KEY> \
-e CRON=<CRON> \
-v <UPLOAD_DIR>:/home
xiaokexiang/immich_upload:latesttailscale
bash
docker run -d --name tailscale \
--restart=unless-stopped --net=host \
--cap-add net_admin \
--cap-add sys_module \
-v /root/conf/tailscale:/var/lib/tailscale \
-v /dev/net/tun:/dev/net/tun \
-e TS_AUTH_KEY="<your_auth_id>" \
-e TS_ROUTES="192.168.10.0/24" \
-e TS_STATE_DIR="/var/lib/tailscale" \
-e TS_HOSTNAME="istoreos" \
tailscale/tailscaleTS_ROUTES参数是用来配置内网转发的地址
nfs-server
bash
docker run --name nfs-server -d \
-v /opt/share:/share \
-v /lib/modules:/lib/modules:ro \
-e NFS_EXPORT_0='/share *(rw,insecure,insecure,no_subtree_check,no_root_squash,fsid=0)' \
--cap-add SYS_ADMIN \
--cap-add SYS_MODULE \
-p 2049:2049 -p 2049:2049/udp \
-p 111:111 -p 111:111/udp \
-p 32765:32765 -p 32765:32765/udp \
-p 32767:32767 -p 32767:32767/udp \
erichough/nfs-server使用
mount -t nfs4 <ip>:/ <local_path>连接服务,nfs4是虚拟文件系统,所以连接的时候,这里必须是/。
注意事项
docker内存统计为0
执行docker stats命令,内存一列的数据为0,原因是内核没有开启cgroup统计,执行下述命令后重启机器即可。
bash
echo "cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1" >> /boot/cmdline.txt